Описание
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 9.3 (включая) до 9.3.0.35 (исключая)Версия от 9.4 (включая) до 9.4.0.36 (исключая)Версия от 9.5 (включая) до 9.5.0.5 (исключая)
Одно из
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.44443
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
EPSS
Процентиль: 97%
0.44443
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo